+++ /dev/null
-/*
- * Copyright (c) 2000-2004,2011-2014 Apple Inc. All Rights Reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- */
-
-
-//
-// KCCursor.cpp
-//
-
-#include "KCCursor.h"
-
-#include "Item.h"
-#include <security_cdsa_utilities/Schema.h>
-#include <security_cdsa_utilities/KeySchema.h>
-#include "cssmdatetime.h"
-#include "Globals.h"
-#include "StorageManager.h"
-#include <Security/SecKeychainItemPriv.h>
-#include <SecBase.h>
-
-using namespace KeychainCore;
-using namespace CssmClient;
-using namespace CSSMDateTimeUtils;
-
-using namespace KeySchema;
-
-// define a table of our attributes for easy lookup
-static const CSSM_DB_ATTRIBUTE_INFO* gKeyAttributeLookupTable[] =
-{
- &KeyClass, &PrintName, &Alias, &Permanent, &Private, &Modifiable, &Label, &ApplicationTag, &KeyCreator,
- &KeyType, &KeySizeInBits, &EffectiveKeySize, &StartDate, &EndDate, &Sensitive, &AlwaysSensitive, &Extractable,
- &NeverExtractable, &Encrypt, &Decrypt, &Derive, &Sign, &Verify, &SignRecover, &VerifyRecover, &Wrap, &Unwrap
-};
-
-//
-// KCCursorImpl
-//
-KCCursorImpl::KCCursorImpl(const StorageManager::KeychainList &searchList, SecItemClass itemClass, const SecKeychainAttributeList *attrList, CSSM_DB_CONJUNCTIVE dbConjunctive, CSSM_DB_OPERATOR dbOperator) :
- mSearchList(searchList),
- mCurrent(mSearchList.begin()),
- mAllFailed(true),
- mMutex(Mutex::recursive)
-{
- recordType(Schema::recordTypeFor(itemClass));
-
- if (!attrList) // No additional selectionPredicates: we are done
- return;
-
- conjunctive(dbConjunctive);
- const SecKeychainAttribute *end=&attrList->attr[attrList->count];
- // Add all the attrs in attrs list to the cursor.
- for (const SecKeychainAttribute *attr=attrList->attr; attr != end; ++attr)
- {
- const CSSM_DB_ATTRIBUTE_INFO *temp;
-
- if (attr->tag <' ') // ok, is this a key schema? Handle differently, just because we can...
- {
- temp = gKeyAttributeLookupTable[attr->tag];
- }
- else
- {
- temp = &Schema::attributeInfo(attr->tag);
- }
- const CssmDbAttributeInfo &info = *temp;
- void *buf = attr->data;
- UInt32 length = attr->length;
- uint8 timeString[16];
-
- // XXX This code is duplicated in NewItemImpl::setAttribute()
- // Convert a 4 or 8 byte TIME_DATE to a CSSM_DB_ATTRIBUTE_FORMAT_TIME_DATE
- // style attribute value.
- if (info.format() == CSSM_DB_ATTRIBUTE_FORMAT_TIME_DATE)
- {
- if (length == sizeof(UInt32))
- {
- MacSecondsToTimeString(*reinterpret_cast<const UInt32 *>(buf),
- 16, &timeString);
- buf = &timeString;
- length = 16;
- }
- else if (length == sizeof(SInt64))
- {
- MacLongDateTimeToTimeString(*reinterpret_cast<const SInt64 *>(buf),
- 16, &timeString);
- buf = &timeString;
- length = 16;
- }
- }
- add(dbOperator ,info, CssmData(buf,length));
- }
-}
-
-KCCursorImpl::KCCursorImpl(const StorageManager::KeychainList &searchList, const SecKeychainAttributeList *attrList) :
- mSearchList(searchList),
- mCurrent(mSearchList.begin()),
- mAllFailed(true),
- mMutex(Mutex::recursive)
-{
- if (!attrList) // No additional selectionPredicates: we are done
- return;
-
- conjunctive(CSSM_DB_AND);
- bool foundClassAttribute=false;
- const SecKeychainAttribute *end=&attrList->attr[attrList->count];
- // Add all the attrs in attrs list to the cursor.
- for (const SecKeychainAttribute *attr=attrList->attr; attr != end; ++attr)
- {
- if (attr->tag!=kSecClassItemAttr) // a regular attribute
- {
- const CssmDbAttributeInfo &info = Schema::attributeInfo(attr->tag);
- void *buf = attr->data;
- UInt32 length = attr->length;
- uint8 timeString[16];
-
- // XXX This code is duplicated in NewItemImpl::setAttribute()
- // Convert a 4 or 8 byte TIME_DATE to a CSSM_DB_ATTRIBUTE_FORMAT_TIME_DATE
- // style attribute value.
- if (info.format() == CSSM_DB_ATTRIBUTE_FORMAT_TIME_DATE)
- {
- if (length == sizeof(UInt32))
- {
- MacSecondsToTimeString(*reinterpret_cast<const UInt32 *>(buf),
- 16, &timeString);
- buf = &timeString;
- length = 16;
- }
- else if (length == sizeof(SInt64))
- {
- MacLongDateTimeToTimeString(*reinterpret_cast<const SInt64 *>(buf),
- 16, &timeString);
- buf = &timeString;
- length = 16;
- }
- }
- add(CSSM_DB_EQUAL,info, CssmData(buf,length));
-
- continue;
- }
-
- // the class attribute
- if (foundClassAttribute || attr->length != sizeof(SecItemClass))
- MacOSError::throwMe(errSecParam); // We have 2 different 'clas' attributes
-
- recordType(Schema::recordTypeFor(*reinterpret_cast<SecItemClass *>(attr->data)));
- foundClassAttribute=true;
- }
-}
-
-KCCursorImpl::~KCCursorImpl() throw()
-{
-}
-
-//static ModuleNexus<Mutex> gActivationMutex;
-
-bool
-KCCursorImpl::next(Item &item)
-{
- StLock<Mutex>_(mMutex);
- DbAttributes dbAttributes;
- DbUniqueRecord uniqueId;
- OSStatus status = 0;
-
- for (;;)
- {
- while (!mDbCursor)
- {
- if (mCurrent == mSearchList.end())
- {
- // If we got always failed when calling mDbCursor->next return the error from
- // the last call to mDbCursor->next now
- if (mAllFailed && status)
- CssmError::throwMe(status);
-
- // No more keychains to search so we are done.
- return false;
- }
-
- try
- {
- // StLock<Mutex> _(gActivationMutex()); // force serialization of cursor creation
- Keychain &kc = *mCurrent;
- Mutex* mutex = kc->getKeychainMutex();
- StLock<Mutex> _(*mutex);
- (*mCurrent)->database()->activate();
- mDbCursor = DbCursor((*mCurrent)->database(), *this);
- }
- catch(const CommonError &err)
- {
- ++mCurrent;
- }
- }
-
- Keychain &kc = *mCurrent;
- Mutex* mutex = kc->getKeychainMutex();
- StLock<Mutex> _(*mutex);
-
- bool gotRecord;
- try
- {
- // Clear out existing attributes first!
- // (the previous iteration may have left attributes from a different schema)
- dbAttributes.clear();
-
- gotRecord = mDbCursor->next(&dbAttributes, NULL, uniqueId);
- mAllFailed = false;
- }
- catch(const CommonError &err)
- {
- // Catch the last error we get and move on to the next keychain
- // This error will be returned when we reach the end of our keychain list
- // iff all calls to KCCursorImpl::next failed
- status = err.osStatus();
- gotRecord = false;
- dbAttributes.invalidate();
- }
- catch(...)
- {
- // Catch all other errors
- status = errSecItemNotFound;
- gotRecord = false;
- }
-
- // If we did not get a record from the current keychain or the current
- // keychain did not exist skip to the next keychain in the list.
- if (!gotRecord)
- {
- ++mCurrent;
- mDbCursor = DbCursor();
- continue;
- }
-
- // If doing a search for all records, skip the db blob added by the CSPDL
- if (dbAttributes.recordType() == CSSM_DL_DB_RECORD_METADATA &&
- mDbCursor->recordType() == CSSM_DL_DB_RECORD_ANY)
- continue;
-
- // Filter out group keys at this layer
- if (dbAttributes.recordType() == CSSM_DL_DB_RECORD_SYMMETRIC_KEY)
- {
- bool groupKey = false;
- try
- {
- // fetch the key label attribute, if it exists
- dbAttributes.add(KeySchema::Label);
- Db db((*mCurrent)->database());
- CSSM_RETURN getattr_result = CSSM_DL_DataGetFromUniqueRecordId(db->handle(), uniqueId, &dbAttributes, NULL);
- if (getattr_result == CSSM_OK)
- {
- CssmDbAttributeData *label = dbAttributes.find(KeySchema::Label);
- CssmData attrData;
- if (label)
- attrData = *label;
- if (attrData.length() > 4 && !memcmp(attrData.data(), "ssgp", 4))
- groupKey = true;
- }
- else
- {
- dbAttributes.invalidate();
- }
- }
- catch (...) {}
-
- if (groupKey)
- continue;
- }
-
- break;
- }
-
- // Go though Keychain since item might already exist.
- Keychain &kc = *mCurrent;
- StLock<Mutex> _mutexLocker(*kc->getKeychainMutex());
- item = (*mCurrent)->item(dbAttributes.recordType(), uniqueId);
- return true;
-}
-
-
-
-bool KCCursorImpl::mayDelete()
-{
- if (mDbCursor.get() != NULL)
- {
- return mDbCursor->isIdle();
- }
- else
- {
- return true;
- }
-}
projects / apple / security.git / blobdiff